Are you actually using 2.4.0.CR1? That's old and unsupported, maybe you
actually wanted to use 3.4.0.CR1? "hmac-generated" was added in 2.5.5.
On 4 December 2017 at 18:40, Marcelo Miura <marcelo.miura(a)gdcommunity.co.uk>
wrote:
Thanks for your answers.
http://localhost:8080/auth/admin/master/console/#/server-info/providers
On keys I see the following:
rsa
java-keystore
rsa-generated
On the COMPONENT table of the keycloak db, I could see 2 records related
to hmac-generated. I removed both in attempt to fix the problem (it’s
happening on my dev server). On production I do not see those records and
it's currently working fine.
Then, I tried to created the provider rsa again, so the old provider
appeared back. Then I deleted the providers that I created and the error
related to the keys is not showing anymore.
But I’m still facing the authentication issue by Direct Grant.
On my local server I do not have this issue.
Version used: 2.4.0.CR1
On 4 Dec 2017, at 14:34, Marek Posolda <mposolda(a)redhat.com> wrote:
Does this happen when you start latest Keycloak from clean state? Or did
you migrate from some previous version?
Marek
On 04/12/17 14:57, Marcelo Miura wrote:
Hi,
I’m using Direct Grant to authenticate with an admin user to be able to
create new users into Keycloak and be able to reset user passwords.
But for some reason, the authentication is not working anymore. It’s
returning that the user credentials are invalid, as follows:
{
"error": "invalid_grant",
"error_description": "Invalid user credentials"
}
But when logging in into the Admin Console, the credentials are working
fine.
Keycloak log:
2017-11-30 20:22:31,631 WARN [org.keycloak.events] (default task-29)
type=LOGIN_ERROR, realmId=master, clientId=admin, userId=null,
ipAddress=xxx.xx.xx.xx error=invalid_user_credentials,
auth_method=openid-connect, grant_type=password, client_auth_method=client-secret,
username=admin
2017-11-30 20:22:31,631 WARN [org.keycloak.services] (Brute Force
Protector) KC-SERVICES0053: login failure for user <userid> from
xxx.xx.xx.xx
*replaced some values as required by the client
Not sure if it’s related but on the last days when accessing the realm
settings - keys, it was displaying an error: "Error! An unexpected server
error has occurred” and the tabs Active and Providers didn’t show any keys.
Keycloak log:
2017-11-30 20:20:52,033 ERROR [org.keycloak.keys.DefaultKeyManager]
(default task-24) Failed to load provider <provider id>:
java.lang.NullPointerException
at org.keycloak.keys.DefaultKeyManager.getProviders(
DefaultKeyManager.java:133)
at org.keycloak.keys.DefaultKeyManager.getPublicKey(
DefaultKeyManager.java:70)
at org.keycloak.services.managers.AuthenticationManager.
verifyIdentityToken(AuthenticationManager.java:688)
at org.keycloak.services.managers.AppAuthManager.authenticateBearerToken(
AppAuthManager.java:64)
at org.keycloak.services.resources.admin.AdminRoot.
authenticateRealmAdminRequest(AdminRoot.java:175)
at org.keycloak.services.resources.admin.AdminRoot.
getRealmsAdmin(AdminRoot.java:209)
at sun.reflect.GeneratedMethodAccessor371.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(
ResourceLocatorInvoker.java:79)
at org.jboss.resteasy.core.ResourceLocatorInvoker.createResource(
ResourceLocatorInvoker.java:58)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:100)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.
service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(
ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(
KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(
FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHand
ler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandl
er.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
er.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler
.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandle
r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.
handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssocia
tionHandler.handleRequest(AbstractSecurityContextAssocia
tionHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$
000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
2017-11-30 20:20:52,038 ERROR [io.undertow.request] (default task-24)
UT005023: Exception handling request to /auth/admin/realms/master/components:
org.jboss.resteasy.spi.UnhandledException: java.lang.RuntimeException:
java.lang.IllegalArgumentException: No such provider 'hmac-generated'
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(
ExceptionHandler.java:76)
at org.jboss.resteasy.core.ExceptionHandler.handleException(
ExceptionHandler.java:212)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(
SynchronousDispatcher.java:168)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:411)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:202)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.
service(ServletContainerDispatcher.java:221)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.
HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(
ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:129)
at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(
KeycloakSessionServletFilter.java:90)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.
doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(
FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.
handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(
ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHand
ler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandl
er.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandl
er.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler
.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstrai
ntHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandle
r.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHand
ler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.
handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssocia
tionHandler.handleRequest(AbstractSecurityContextAssocia
tionHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.
handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(
PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(
ServletInitialHandler.java:284)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(
ServletInitialHandler.java:263)
at io.undertow.servlet.handlers.ServletInitialHandler.access$
000(ServletInitialHandler.java:81)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(
ServletInitialHandler.java:174)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
at io.undertow.server.HttpServerExchange$1.run(
HttpServerExchange.java:793)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.RuntimeException: java.lang.IllegalArgumentException:
No such provider 'hmac-generated'
at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(
ComponentUtil.java:69)
at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(
ComponentUtil.java:39)
at org.keycloak.models.utils.StripSecretsUtils.strip(
StripSecretsUtils.java:39)
at org.keycloak.models.utils.ModelToRepresentation.toRepresentation(
ModelToRepresentation.java:815)
at org.keycloak.services.resources.admin.ComponentResource.getComponents(
ComponentResource.java:118)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(
MethodInjectorImpl.java:139)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(
ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(
ResourceMethodInvoker.java:249)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
ResourceLocatorInvoker.java:138)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:107)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(
ResourceLocatorInvoker.java:133)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(
ResourceLocatorInvoker.java:101)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(
SynchronousDispatcher.java:395)
... 37 more
Caused by: java.lang.IllegalArgumentException: No such provider
'hmac-generated'
at org.keycloak.models.utils.ComponentUtil.getComponentFactory(
ComponentUtil.java:81)
at org.keycloak.models.utils.ComponentUtil.getComponentConfigProperties(
ComponentUtil.java:56)
... 55 more
But when I check the keycloak database, seems that the key and provider
are there.
Any thoughts?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user